On Thu, Jan 5, 2012 at 10:08 PM, Gaurav Kansal <gaurav.kan...@nic.in> wrote:
> Dear All, > > I am new to DNSSEC. > I purchase a new domain especially for testing dnssec. > When i ask my domain seller to put my DS key in .IN Domain, they say that > .IN Domain is still not ready for this But as per my knowledge .IN is > DNSSEC ready. > I do the *"dig @8.8.8.8 in. NS +dnssec"* query, and it is showing the > RRSIG record in the query answer. > It this is sufficient to prove that .IN Domain is DNSSEC enabled or i have > to check something else.???? > > What this shows is that IN itself is signed in the root This is the first step in a TLD accepting DS records from sub-domains, but does not mean that they are ready to do so. You would really need to contact whoever manages .in and ask them if they are accepting keys. Also, even if you find a DS record in .in, it may not indicate that they are ready to open the doors to general addition of DS records. They may be testing and developing tools to handle them and have just a few test cases. I know that when I got a DS record added for a zone I handled that it was a mostly manual operation to test and confirm that things were working when the registry was not yet ready to accept DS keys in any standard way. -- R. Kevin Oberman, Network Engineer E-mail: kob6...@gmail.com
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users